Cant sync contacts via KAddressbook

Support intro

Sorry to hear you’re facing problems :slightly_frowning_face: is for home/non-enterprise users. If you’re running a business, paid support can be accessed via where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:


Or for longer, use three backticks above and below the code snippet:


Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can :heart:

Nextcloud version (eg, 12.0.2): 16.0
Operating system and version (eg, Ubuntu 17.04): Arch Linux
Apache or nginx version (eg, Apache 2.4.25): Nginx
PHP version (eg, 7.1): 7.3.4 + UWSGI

The issue you are facing:
I cant sync my contacts with KAddressbook (Kontact)

Is this the first time you’ve seen this error? (Y/N): yes

Steps to replicate it:

  1. add a nextcloud/webdav account
  2. sync
  3. error

The output of your Nextcloud log in Admin > Logging:

{webdav} {"Exception":"Sabre\\DAV\\Exception\\NotAuthenticated","Message":"No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured","Code":0,"Trace":[{"function":"beforeMethod","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"absoluteUrl":"https:\/\/\/remote.php\/dav\/calendars\/99999\/contact_birthdays\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/usr\/share\/webapps\/nextcloud\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"autoRequireLogin":true,"__class__":"Sabre\\DAV\\Auth\\Plugin"},"beforeMethod"],[{"absoluteUrl":"https:\/\/\/remote.php\/dav\/calendars\/99999\/contact_birthdays\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/usr\/share\/webapps\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":466,"function":"emit","class":"Sabre\\Event\\EventEmitter","type":"->","args":["beforeMethod",[{"absoluteUrl":"https:\/\/\/remote.php\/dav\/calendars\/99999\/contact_birthdays\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/usr\/share\/webapps\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":254,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"absoluteUrl":"https:\/\/\/remote.php\/dav\/calendars\/99999\/contact_birthdays\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/usr\/share\/webapps\/nextcloud\/apps\/dav\/lib\/Server.php","line":316,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"\/usr\/share\/webapps\/nextcloud\/apps\/dav\/appinfo\/v2\/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->","args":[]},{"file":"\/usr\/share\/webapps\/nextcloud\/remote.php","line":163,"args":["\/usr\/share\/webapps\/nextcloud\/apps\/dav\/appinfo\/v2\/remote.php"],"function":"require_once"}],"File":"\/usr\/share\/webapps\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php","Line":168,"CustomMessage":"--"}

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

$CONFIG = array (
  'datadirectory' => '/var/lib/nextcloud/data',
  'instanceid' => 'ocsk6q936cke',
  'appstoreenabled' => false,
  'cache_path' => '/var/lib/nextcloud/cache',
  'trusted_domains' => 
  'dbtype' => 'pgsql',
  'version' => '',
  'dbname' => 'nextcloud',
  'dbhost' => '/run/postgresql',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'installed' => true,
  'ldapIgnoreNamingRules' => true,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'log_type' => 'systemd',
  'loglevel' => 0,
  'maintenance' => false,
  'memcache.local' => 'OC\\Memcache\\Redis',
  'memcache.locking' => 'OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => '/run/redis/redis.sock',
    'port' => 0,
  '' => 'stable',
  'theme' => '',

The output of your Apache/nginx/system log in /var/log/____:

e nginx[10289]: 2019/04/28 03:16:43 [error] 10291#10291: *1638 readv() failed (104: Connection reset by peer) while reading upstream, client:, server:, request: "REPORT /remote.php/dav/addressbooks/users/99999/kontakte/ HTTP/1.1", upstream: "uwsgi://unix:///run/nextcloud.sock:", host: ""
Apr 28 03:16:43 uwsgi[18582]: [pid: 18586|app: -1|req: -1/37507] () {54 vars in 940 bytes} [Sun Apr 28 03:16:43 2019] REPORT /remote.php/dav/addressbooks/users/99999/kontakte/ => generated 557 bytes in 31 msecs (HTTP/1.1 401) 12 headers in 875 bytes (1 switches on core 0)

nginx config:

server {
    listen       443 ssl http2;
    listen [::]:443 ssl;

    ssl_certificate /etc/letsencrypt/live/cloud.example/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cloud.example/privkey.pem; # managed by Certbot
    root /usr/share/webapps/nextcloud;
    client_max_body_size 1G;

    add_header Strict-Transport-Security max-age=15768000;
    add_header X-Robots-Tag "none";
    add_header X-Content-Type-Options "nosniff";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies "none";
    add_header X-Frame-Options "SAMEORIGIN";
    add_header 'Referrer-Policy' 'strict-origin';
    underscores_in_headers on;	

    keepalive_timeout  105;
    keepalive_requests 356;
    reset_timedout_connection on;

    client_body_buffer_size     10M;
    #client_max_body_size        10M;

    rewrite ^/.well-known/carddav  $scheme://$host/remote.php/dav/ permanent;
    rewrite ^/.well-known/caldav   $scheme://$host/remote.php/dav/ permanent;

    # The following 2 rules are only needed with webfinger
    rewrite ^/.well-known/host-meta /public.php?service=host-meta  last;
    rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;

    #   location ~ \.(?:css|js|woff2?|svg|gif)$ {
    #try_files $uri $uri/ /index.php;
    location ~ ^(?!\/remote\.php)(?:.*)\.(?:css|js|woff2?|svg|gif)$ {
    	try_files $uri $uri/ /index.php;
        add_header Cache-Control "public, max-age=15778463";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        # WARNING: Only add the preload option once you read about
        # the consequences in This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        add_header Referrer-Policy no-referrer;

        # Optional: Don't log access to assets
        #access_log off;

    ignore_invalid_headers off;	

    location ~ \.php(?:$|/) {
        include uwsgi_params;
        uwsgi_modifier1 14;
        # Avoid duplicate headers confusing OC checks
        uwsgi_hide_header X-Frame-Options;
        uwsgi_hide_header X-XSS-Protection;
        uwsgi_hide_header X-Content-Type-Options;
        uwsgi_hide_header X-Robots-Tag;
	#uwsgi_param Authorization $http_authorization;
	uwsgi_pass_header HTTP_AUTHORIZATION; 
	uwsgi_pass_header Authorization; 
	#uwsgi_pass_request_headers on;

        uwsgi_pass unix:///run/nextcloud.sock;

    location = /data/htaccesstest.txt {
  	deny all;
  	log_not_found off;
  	access_log off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;
    index index.php;

    location / {
        try_files $uri $uri/ /index.php;

uwsgi config:

    ; default for local testing run it like "uwsgi --ini nextcloud.ini"
    ini = :nextcloud
    http-socket = :8000
    http-socket-modifier1 = 14

    static-check = %(nextcloud_dir)
    static-skip-ext = .php
    static-skip-ext = .inc
    offload-threads = 2
    output_buffering = 65535

    harakiri = 240 
    http-timeout = 240 
    socket-timeout = 240 
    worker-reload-mercy = 240 
    reload-mercy = 240 
    mule-reload-mercy = 240

    ini = :nextcloud
    logger = systemd
    die-on-term = yes
    # nginx will set security headers
    env = modHeadersAvailable=true

    master = true
    processes = 4

    nextcloud_dir = /usr/share/webapps/nextcloud

    plugins = php
    php-docroot = %(nextcloud_dir)
    php-index = index.php

    php-allowed-ext = /ocs/v1.php
    php-allowed-ext = /ocs/v2.php
    php-allowed-ext = /index.php
    php-allowed-ext = /cron.php
    php-allowed-ext = /status.php
    php-allowed-ext = /remote.php
    php-allowed-ext = /public.php
    php-allowed-ext = /core/templates/403.php
    php-allowed-ext = /core/templates/404.php
    php-allowed-ext = /core/ajax/update.php

    php-set = date.timezone=Europe/Berlin
    #php-set = open_basedir=
    php-set = session.save_path=/tmp
    php-set = post_max_size=1000M
    php-set = upload_max_filesize=1000M

Hi, I can confirm that your server is reachable over the internet using the address, which is fine in a first step. Are you followed the description in the user manual to configure the sync access?

yes thats exactly how I did it.
Did I miss something in my server configs?

I don’t know if the configuration is missing something, because I personally use a different environment. Due to the fact that the web access seems to be possible I would expect that the contacts access works too, because the same protocol (https) is used.

I only know that Akonadi (the backend) does a request unauthenticated first:

did you try to comment out these rewrites?

yes I did that and it didn’t solved it .
Korfanizer still stoops after receiving 401 and says the server has reset the connection.
I’m suspicious about the uwsgi error .